Nightfall Documentation
  • Sensitive Data Protection
  • Data Security Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Welcome
  • Introduction to Firewall for AI
    • Overview
    • Quickstart
    • Use Cases
    • Authentication and Security
  • Key Concepts
    • Entities and Terms to Know
    • Setting Up Nightfall
      • Creating API Key
      • Creating Detectors
      • Creating Detection Rules
      • Creating Policies
    • Alerting
    • Scanning Text
    • Scanning Files
      • Supported File Types
      • File Scanning and Webhooks
      • Uploading and Scanning API Calls
      • Special File Types
      • Specialized File Detectors
      • Webhooks and Asynchronous Notifications
        • Accessing Your Webhook Signing Key
        • Creating a Webhook Server
    • Scanning Features
      • Using Pre-Configured Detection Rules
        • Scanning Images for patterns using Custom Regex Detectors
      • Creating an Inline Detection Rule
      • Using Exclusion Rules
      • Using Context Rules
      • Using Redaction
      • Using Policies to Send Alerts
      • Detecting Secrets
      • PHI Detection Rules
    • Detector Glossary
    • Test Datasets
    • Errors
    • Nightfall Playground
  • Nightfall APIs
    • DLP APIs - Firewall for AI Platform
      • Scan Plain Text
      • Initiate File Upload
      • Upload File Chunk
      • Complete File Upload
      • Scan Uploaded File
      • Rate Limits for Firewall APIs
    • DLP APIs - Native SaaS Apps
      • Fetch Violations
      • Fetch Violations by ID
      • Search Violations
      • Fetch Violation Findings
      • Take Action on Violations
      • Fetch Annotations
      • Annotate Findings
      • Remove Annotation Findings
      • Fetch GitHub Repositories
      • Policy User Scope Update API
      • Rate Limits for Native SaaS app APIs
  • Nightfall Software Development Kit (SDK)
    • Overview
    • Java SDK
    • Python SDK
    • Go SDK
    • Node.JS SDK
  • Language Specific Guides
    • Overview
    • Python
    • Ruby
    • Java
  • Tutorials
    • GenAI Protection
      • OpenAI Prompt Sanitization Tutorial
      • Anthropic Prompt Sanitization Tutorial
      • LangChain Prompt Sanitization Tutorial
    • SaaS Protection
      • HubSpot DLP Tutorial
      • Zendesk DLP Tutorial
    • Observability Protection
      • Datadog DLP Tutorial
      • New Relic DLP Tutorial
    • Datastore Protection
      • Airtable DLP Tutorial
      • Amazon Kinesis DLP Tutorial
      • Amazon RDS DLP Tutorial
      • Amazon RDS DLP Tutorial - Full Scan
      • Amazon S3 DLP Tutorial
      • Elasticsearch DLP Tutorial
      • Snowflake DLP Tutorial
  • Nightfall Use Cases
    • Overview
    • GenAI Content Filtering-How to prevent exposure of sensitive data
    • Redacting Sensitive Data in 4 Lines of Code
    • Detecting Sensitive Data in SMS Automations
    • Building Endpoint DLP to Detect PII on Your Machine in Real-Time
    • Deploy a File Scanner for Sensitive Data in 40 Lines of Code
    • Using Scan API (with Python)
  • FAQs
    • What Can I do with the Firewall for AI
    • How quickly can I get started with Firewall for AI?
    • What types of data can I scan with API?
    • What types of detectors are supported out of the box?
    • Can I customize or bring my own detectors?
    • What is the pricing model?
    • How do I know my data is secure?
    • How do I get in touch with you?
    • Can I test out the detection and my own detection rules before writing any code?
    • How does Nightfall support custom data types?
    • How does Nightfall's Firewall for AI differs from other solutions?
  • Nightfall Playground
  • Login to Nightfall
  • Contact Us
Powered by GitBook
On this page
  • Using Redaction to Mask Findings
  • Using the File Scanning Endpoint with New Relic
  • Prerequisites
  • Steps to use the Endpoint

Was this helpful?

Export as PDF
  1. Tutorials
  2. Observability Protection

New Relic DLP Tutorial

New Relic is a Software as a Service offering that focuses on performance and availability monitoring.

This tutorial allows you to scan your New Relic logs using the Nightfall API/SDK.

You will need a few things first to use this tutorial:

  • A New Relic account with an API key and Account ID

  • A Nightfall API key

  • An existing Nightfall Detection Rule

  • A Python 3 environment (version 3.6 or later)

  • The most recent version of Python Nightfall SDK

To accomplish this, we will install the version required of the Nightfall SDK:

pip install nightfall=0.6.0

We will be using Python and installing/importing the following libraries:

import argparse
import csv
import os
import sys
import time
import collections

import requests
from nightfall import Nightfall

Note, we are setting the New Relic authentication information as the below environment variables, and referencing the values from there:

  • NR_API_KEY

  • NR_ACCOUNT_ID

nr_api_key = os.environ.get('NR_API_KEY')
nr_account_id = os.environ.get('NR_ACCOUNT_ID')
nightfall_api_key = os.environ.get('NIGHTFALL_API_KEY')
detectionRuleUUID = os.environ.get('DETECTION_RULE_UUID')

Next we abstract a nightfall class from the SDK, for our API key.

nightfall = Nightfall(nightfall_api_key)

First we will set up the connection with New Relic, and get the data to be scanned from there.

The code sample below will help to scan:

  1. logs - Scans the 100 most recent logs from New Relic. (Note: This can be modified to meet your needs)

Please follow that same option in the next few panes:

# This will return the most recent 100 logs from New Relic.

url = 'https://api.newrelic.com/graphql'

headers = {
  'Content-Type': 'application/json',
  'Api-Key': nr_api_key
}

query = """query {{
    actor {{
        account(id: {nr_account_id}) {{
        name
        nrql(query: "SELECT * FROM Log") {{
            results
        }}
        }}
    }}
    }}""".format(nr_account_id=nr_account_id)

try:
  response = requests.post(
    url=url,
    headers=headers,
    json={'query': query}
  )

  response.raise_for_status()

except requests.HTTPError:
  msg = f"ERROR: NewRelic API returned: {response.status_code} {response.text}"
  sys.exit(msg)

logs = response.json()['data']['actor']['account']['nrql']['results']

We then run a scan on the aggregated data from New Relic, using the Nightfall SDK:

scan_logs = {log['messageId']:log['message'] for log in logs}

findings = nightfall.scan_text(
    [scan_logs],
    detection_rule_uuids=[detectionRuleUUID]
)

To review the results, we will write the findings to an output csv file:

all_findings = []
all_findings.append(
  [
    'message_id', 'detector', 'confidence', 
    'finding_start', 'finding_end', 'fragment'
  ]
)

for messageID, finding in findings.items():
  if finding is None:
    continue

    for item in finding:
			fragment = item['finding']


      row = [
        messageID,
        fragment,
        item['detector']['name'],
        item['confidence'],
        item['location']['byteRange']['start'],
        item['location']['byteRange']['end'],
        item['location']['codepointRange']['start'],
        item['location']['codepointRange']['end']
        ]

      all_findings.append(row)

      if len(all_findings) > 1:
        filename = "nf_newrelic_output-" + str(int(time.time())) + ".csv"
        with open(filename, 'w') as output_file:
          csv_writer = csv.writer(output_file, delimiter=',')
          csv_writer.writerows(all_findings)
        print("Output findings written to", filename)
      else:
        print('No sensitive data detected. Hooray!')

Note:

The results of the scan will be outputted to a file named nf_newrelic_output-TIMESTAMP.csv.

This example will include the full finding above. As the finding might be a piece of sensitive data, we would recommend using the Redaction feature of the Nightfall API to mask your data. More information can be seen in the 'Using Redaction to Mask Findings' section below.

Finding the Logs in New Relic

The New Relic API does not provide a great way to get a direct URL to a log message. The simplest way to find the log message with sensitive data is to navigate to the New Relic UI and search your logs with this query messageId:"$YOUR_MESSAGE_ID". You can copy the messageId from the CSV file generated using this script.

Using Redaction to Mask Findings

With the Nightfall API, you are also able to redact and mask your New Relic findings. You can add a Redaction Config, as part of your Detection Rule. For more information on how to use redaction, and its specific options, please refer to the guide here.

Using the File Scanning Endpoint with New Relic

The example above is specific to the Nightfall Text Scanning API. To scan files, we can use a similar process as we did the text scanning endpoint. The process is broken down into the sections below, as the file scanning process is more intensive.

Prerequisites

To utilize the File Scanning API you need the following:

  • An active API Key authorized for file scanning passed via the header Authorization: Bearer — see Authentication and Security

  • A Nightfall Detection Policy associated with a webhook URL

  • A web server configured to listen for file scanning results (more information below)

Steps to use the Endpoint

  1. Retrieve data from New Relic

Similar to the process in the beginning of this tutorial for the text scanning endpoint, we will now initialize our and retrieve the data we like, from New Relic. The below example will show the most recent 100 logs:

# This will return the most recent 100 logs from New Relic.

url = 'https://api.newrelic.com/graphql'

headers = {
  'Content-Type': 'application/json',
  'Api-Key': nr_api_key
}

query = """query {{
    actor {{
        account(id: {nr_account_id}) {{
        name
        nrql(query: "SELECT * FROM Log") {{
            results
        }}
        }}
    }}
    }}""".format(nr_account_id=nr_account_id)

try:
  response = requests.post(
    url=url,
    headers=headers,
    json={'query': query}
  )

  response.raise_for_status()

except requests.HTTPError:
  msg = f"ERROR: NewRelic API returned: {response.status_code} {response.text}"
  sys.exit(msg)

logs = response.json()['data']['actor']['account']['nrql']['results']

scan_logs = {log['messageId']:log['message'] for log in logs}

Now we go through write the logs to a .csv file.

filename = "nf_newrelic_input-" + str(int(time.time())) + ".csv"  

with open(filename, 'w') as output_file:
  csv_writer = csv.writer(output_file, delimiter=',')
  csv_writer.writerows(scan_logs)
     
print("New Relic Logs Written to: ", filename)

  1. Begin the file upload process to the Scan API, with the above written .csv file, as shown here.

  3. The scanning endpoint will work asynchronously for the files uploaded, so you can monitor the webhook server to see the API responses and file scan findings as they come in.

PreviousDatadog DLP TutorialNextDatastore Protection

Last updated 10 months ago

Was this helpful?

Next, we define the Detection Rule with which we wish to scan our data. The Detection Rule can be and referenced by UUID.

Once the files have been uploaded, begin using the scan endpoint mentioned . Note: As can be seen in the documentation, a webhook server is required for the scan endpoint, to which it will send the scanning results. An example webhook server setup can be seen here.

pre-made in the Nightfall web app
here